This question came from our site for professional and enthusiast programmers. Votes, comments, and answers are locked due to the question being closed here, but it may be eligible for editing and reopening on the site where it originated.

Err... if Wireshark is too technical, then I wonder how you will use whatever monitoring solution to detect viruses. Also note that usually LANs are switched so you won't get a lot of traffic to you, better have statistics collection done on the switch (if it's something beyond a $10 switch from the local hardware store, you can use SNMP software to get just what you want).
– cdegroot Jul 12 '11 at 10:51

so do you want this to be a distributed IDS as in each desktop will be running this?
– tony roth Jul 12 '11 at 16:49

2

Get a good AV suite and it will monitor for viruses. Doing this manually is nuts.
– Chris S Jul 12 '11 at 17:29

2 Answers
2

In a typical modern network, this will most probably not give you what you want, due to the network being switched.

From a single machine, you may see probes from other machines, aimed at that specific host (or sent as broadcast). You won't see traffic aimed at the Internet.

You can probably get some of what you want by interrogating the SNMP agent on your switch(es), that should give you traffic levels and the like. Typically, virus activities tend to cause noticeably higher traffic levels.

If you have a router that supports NetFlow, you can get more detailed statistics from that.

Unfortunately, I do not know of any cheap tool that will give you a nice GUI for what you want. If that is what you want, it may be worth investigating what tools your network device vendor(s) have that can help you. Personally, I would probably just write the necessary analysis and report-generating code, using snmplib and an open-source netflow collector for data collection.
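As an added illustration of the "interrogate the switch's SNMP agent and watch for unusually high traffic levels" approach in the answer above (example code written for this page, not the answerer's own tooling): the script below takes two successive readings of the IF-MIB `ifInOctets`/`ifOutOctets` counters per switch port, turns them into bit rates, and flags ports whose rate is far above a per-port baseline. The polling itself is assumed to be done by an SNMP library such as pysnmp; here the two polls are constructed inline so the script runs offline. The port names, counter values and baseline figures are made-up sample data. One edge case worth handling is the 32-bit `Counter32` wrap, which otherwise shows up as a huge negative delta on a busy gigabit port.

```python
"""Per-port traffic-rate report from SNMP IF-MIB octet counters (added example)."""
from dataclasses import dataclass

COUNTER32_MAX = 2 ** 32  # IF-MIB ifInOctets/ifOutOctets are Counter32 and wrap modulo 2^32


@dataclass(frozen=True)
class PortSample:
    """One port's counters from a single SNMP poll (values as returned by the agent)."""
    if_index: int     # IF-MIB::ifIndex
    if_descr: str     # IF-MIB::ifDescr
    in_octets: int    # IF-MIB::ifInOctets
    out_octets: int   # IF-MIB::ifOutOctets


def counter_delta(old: int, new: int, modulus: int = COUNTER32_MAX) -> int:
    """Bytes counted between two readings, tolerating one counter wrap in between."""
    if new >= old:
        return new - old
    return (modulus - old) + new


def port_rates_bps(poll_a, poll_b, interval_s: float):
    """Map ifDescr -> (in_bps, out_bps) from two polls taken interval_s seconds apart."""
    if interval_s <= 0:
        raise ValueError("poll interval must be positive")
    previous = {s.if_index: s for s in poll_a}
    rates = {}
    for sample in poll_b:
        prev = previous.get(sample.if_index)
        if prev is None:
            continue  # port not present in the earlier poll, so no delta is possible
        in_bps = counter_delta(prev.in_octets, sample.in_octets) * 8 / interval_s
        out_bps = counter_delta(prev.out_octets, sample.out_octets) * 8 / interval_s
        rates[sample.if_descr] = (in_bps, out_bps)
    return rates


def flag_busy_ports(rates, baseline_bps, factor: float = 5.0):
    """Ports whose inbound or outbound rate exceeds factor x their usual level."""
    flagged = []
    for descr, (in_bps, out_bps) in rates.items():
        baseline = baseline_bps.get(descr)
        if baseline is None:
            continue  # no history for this port yet; nothing to compare against
        if max(in_bps, out_bps) > factor * baseline:
            flagged.append(descr)
    return sorted(flagged)


def report(rates, flagged):
    """Plain-text report lines, one per port, marking the anomalous ones."""
    lines = []
    for descr in sorted(rates):
        in_bps, out_bps = rates[descr]
        mark = " <-- above baseline" if descr in flagged else ""
        lines.append(f"{descr:8s} in {in_bps/1e6:8.3f} Mbit/s  out {out_bps/1e6:8.3f} Mbit/s{mark}")
    return lines


# Constructed sample data: two polls 60 s apart from a hypothetical access switch.
POLL_INTERVAL_S = 60
POLL_T0 = [
    PortSample(1, "Gi0/1", 1_000_000, 2_000_000),
    PortSample(2, "Gi0/2", 4_294_960_000, 500_000),  # ifInOctets about to wrap
    PortSample(3, "Gi0/3", 10_000, 10_000),
]
POLL_T1 = [
    PortSample(1, "Gi0/1", 1_750_000, 2_600_000),   # ordinary office traffic
    PortSample(2, "Gi0/2", 5_000, 900_000),         # ifInOctets wrapped past 2^32
    PortSample(3, "Gi0/3", 60_010_000, 80_000),     # sudden 8 Mbit/s inbound burst
]
# Constructed per-port baselines (bit/s), e.g. a rolling average from earlier polls.
BASELINE_BPS = {"Gi0/1": 100_000, "Gi0/2": 50_000, "Gi0/3": 20_000}

if __name__ == "__main__":
    current = port_rates_bps(POLL_T0, POLL_T1, POLL_INTERVAL_S)
    busy = flag_busy_ports(current, BASELINE_BPS)
    print("\n".join(report(current, busy)))
```

In production the two polls would come from a scheduler that walks `ifInOctets`/`ifOutOctets` every minute and keeps the previous reading per `ifIndex`; the baseline would be a moving average per port rather than a fixed table, and a port flagged on several consecutive intervals is a better alert than a single spike. On gigabit ports the 64-bit `ifHCInOctets`/`ifHCOutOctets` counters avoid the wrap problem entirely when the agent supports them.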